CS 526: Information Security

List of Topics (By Week):

Introduction (1 week)

Role of security. Types of security. Basic definitions: trust, security, vulnerability, safeguard, countermeasure, etc.

Formalisms (1.5 weeks)

Information flow. Classification schemes. Secure programming issues. Complexity and analysis.

Policy (1.5 weeks)

Risk Analysis. Policy Formation. Role of audit and control.

Basic cryptography (2 weeks)

Block and stream ciphers. Public and private key systems. Message digests. Approximate strength of ciphers.

OS Security (2 weeks)

Authentication, authorization and identification. Access control. Capability and ACL mechanisms. Audit. Viruses and malicious code.

System Design (1 week)

Secure design principles. TCB and security kernel construction. Least-privilege. Verification and validation. Certification issues.

Network Security (2 weeks)

Authentication. Interception and denial of communications. Distributed cooperation and commit. Distributed authentication issues: Kerberos, SESAME, etc. Routing, flooding, spamming. Firewalls.

Intrusion Detection and Response (1 week)

Misuse and intrusion detection: host, network, distributed, application. Pattern and behavior detection. Distributed attacks and defenses. Limitations.

Physical and Personnel Security (1 week)

Physical threats and countermeasures: fire, flood, theft, etc. Personnel screening and training. Awareness. Management. Role of policy. Surveillance.

Operational Security (1 week)

Scanning and sweeping. Backups. Maintenance and bug fixes. Upgrade paths. Training. Role of Randomness.

Legal and Societal Issues (1 week)

Copyright, patent, trade secret. Hacking and intrusion. Classification. Privacy. Spamming. Information aggregation. Identity theft.

2000.09